1pam_unix_auth(5)      Standards, Environments, and Macros     pam_unix_auth(5)
2
3
4

NAME

6       pam_unix_auth - PAM authentication module for UNIX
7

SYNOPSIS

9       pam_unix_auth.so.1
10
11

DESCRIPTION

13       The  pam_unix_auth  module implements pam_sm_authenticate(), which pro‐
14       vides functionality to the PAM authentication stack. It provides  func‐
15       tions  that  use crypt(3C) to verify that the password contained in the
16       PAM item PAM_AUTHTOK is the correct password for the user specified  in
17       the item PAM_USER. If PAM_REPOSITORY is specified, then user's password
18       is  fetched  from  that  repository.  Otherwise,   the   default   nss‐
19       witch.conf(4) repository is searched for that user.
20
21
22       For accounts in the name services which support automatic account lock‐
23       ing, the account may be configured  to  be  automatically  locked  (see
24       user_attr(4)  and policy.conf(4)) after multiple failed login attempts.
25       For accounts that are configured for automatic locking, if  authentica‐
26       tion failure is to be returned, the failed login counter is incremented
27       upon each failure. If the  number  of  successive  failures  equals  or
28       exceeds  RETRIES  as  defined  in  login(1),  the account is locked and
29       PAM_MAXTRIES is returned. Currently, only the "files"  repository  (see
30       passwd(4) and shadow(4)) supports automatic account locking. A success‐
31       ful authentication by this module clears the failed login  counter  and
32       reports the number of failed attempts since the last successful authen‐
33       tication.
34
35
36       Authentication service modules  must  implement  both  pam_sm_authenti‐
37       cate()  and  pam_sm_setcred().  To  allow the authentication portion of
38       UNIX authentication to be replaced,  pam_sm_setcred()  in  this  module
39       always   returns   PAM_IGNORE.  This  module  should  be  stacked  with
40       pam_unix_cred(5) to ensure a successful return from pam_setcred(3PAM).
41
42
43       The following options can be passed to the module:
44
45       nowarn
46
47           Turn off warning messages.
48
49
50       server_policy
51
52           If the account authority for the user, as specified by PAM_USER, is
53           a server, do not apply the UNIX policy from the passwd entry in the
54           name service switch.
55
56
57       nolock
58
59           Regardless  of  the  automatic  account  locking  setting  for  the
60           account,  do  not  lock  the account, increment or clear the failed
61           login count. The nolock option allows for exempting account locking
62           on a per service basis.
63
64

ERRORS

66       The following error codes are returned from pam_sm_authenticate():
67
68       PAM_AUTH_ERR
69
70           Authentication failure.
71
72
73       PAM_BUF_ERR
74
75           Memory buffer error.
76
77
78       PAM_IGNORE
79
80           Ignores module, not participating in result.
81
82
83       PAM_MAXTRIES
84
85           Maximum number of retries exceeded.
86
87
88       PAM_PERM_DENIED
89
90           Permission denied.
91
92
93       PAM_SUCCESS
94
95           Successfully obtains authentication token.
96
97
98       PAM_SYSTEM_ERR
99
100           System error.
101
102
103       PAM_USER_UNKNOWN
104
105           No account present for user.
106
107
108
109       The following error codes are returned from pam_sm_setcred():
110
111       PAM_IGNORE
112
113           Ignores this module regardless of the control flag.
114
115

ATTRIBUTES

117       See attributes(5) for descriptions of the following attributes:
118
119
120
121
122       ┌─────────────────────────────┬─────────────────────────────┐
123       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
124       ├─────────────────────────────┼─────────────────────────────┤
125       │Interface Stability          │Committed                    │
126       ├─────────────────────────────┼─────────────────────────────┤
127       │MT Level                     │MT-Safe with exceptions      │
128       └─────────────────────────────┴─────────────────────────────┘
129

SEE ALSO

131       login(1),   passwd(1),  useradd(1M),  usermod(1M),  roleadd(1M),  role‐
132       mod(1M), crypt(3C),  libpam(3LIB),  pam(3PAM),  pam_authenticate(3PAM),
133       pam_setcred(3PAM),  syslog(3C), pam.conf(4), passwd(4), policy.conf(4),
134       nsswitch.conf(4),  shadow(4),  user_attr(4),  attributes(5),  pam_auth‐
135       tok_check(5),  pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5),
136       pam_passwd_auth(5), pam_unix_account(5), pam_unix_session(5)
137

NOTES

139       The interfaces in libpam(3LIB) are MT-Safe only if each  thread  within
140       the multi-threaded application uses its own PAM handle.
141
142
143       The pam_unix(5) module is no longer supported. Similar functionality is
144       provided   by   pam_authtok_check(5),   pam_authtok_get(5),   pam_auth‐
145       tok_store(5),    pam_dhkeys(5),   pam_passwd_auth(5),pam_setcred(3PAM),
146       pam_unix_account(5), pam_unix_cred(5), pam_unix_session(5).
147
148
149       If the PAM_REPOSITORY item_type is set and a service  module  does  not
150       recognize  the  type,  the service module does not process any informa‐
151       tion, and returns PAM_IGNORE. If the PAM_REPOSITORY  item_type  is  not
152       set, a service module performs its default action.
153
154
155
156SunOS 5.11                        23 Apr 2008                 pam_unix_auth(5)
Impressum